TOOL_EXPLORER

Security Tools & Discovery

A repository of community-submitted scanners, payload editors, decoders, and security utilities.

recon@x-gem

Nmap

Nmap (Network Mapper) is a powerful open-source tool used for network discovery and security auditing. ## 🔧 Installation ### Linux: sudo apt update && sudo apt install nmap ### Mac: brew install nmap ### Windows: Download from https://nmap.org/download.html ## ▶️ Basic Usage ### Scan a single target: nmap 192.168.1.1 ### Scan multiple ports: nmap -p 1-1000 target.com ### Service & version detection: nmap -sV target.com ### OS detection: nmap -O target.com ## ⚡ Advanced Usage - Aggressive scan: nmap -A target.com - Scan with scripts: nmap --script vuln target.com ## 🎯 Use Cases - Network reconnaissance - Port scanning - Vulnerability detection - Service enumeration ## 🧠 Pro Tip Use Nmap with -A only when needed, as it is noisy and detectable.

Burp Suite

Burp Suite is a professional web application security testing tool used for intercepting and modifying HTTP requests. ## 🔧 Installation ### Download: https://portswigger.net/burp Install and run the installer. ## ▶️ Setup 1. Open Burp Suite 2. Enable proxy (127.0.0.1:8080) 3. Configure browser proxy settings 4. Install Burp CA certificate ## ⚡ Usage ### Intercept Requests: Turn ON intercept and capture requests. ### Modify Requests: Edit parameters before forwarding. ### Repeater: Send request to repeater for manual testing. ### Intruder: Automate attacks like brute force or fuzzing. ## 🎯 Use Cases - Web app pentesting - Parameter tampering - Authentication bypass - Bug bounty hunting ## 🧠 Pro Tip Use Burp with FoxyProxy for easy browser switching.

exploitation@ixedgeforge

Metasploit

Metasploit Framework is a powerful exploitation framework used for developing and executing exploits. ## 🔧 Installation ### Linux: sudo apt install metasploit-framework ### Start: msfconsole ## ▶️ Basic Usage ### Search exploit: search vsftpd ### Use exploit: use exploit/unix/ftp/vsftpd_234_backdoor ### Set options: set RHOST target_ip ### Run: exploit ## ⚡ Advanced - Payload selection: set PAYLOAD linux/x86/meterpreter/reverse_tcp - Sessions: sessions -i 1 ## 🎯 Use Cases - Exploitation - Post-exploitation - Privilege escalation - Red teaming ## 🧠 Pro Tip Always use in legal lab environments only.

Gobuster

Gobuster is a brute-force tool used for discovering hidden directories and files. ## 🔧 Installation ### Linux: sudo apt install gobuster ## ▶️ Usage ### Directory brute-force: gobuster dir -u http://example.com -w wordlist.txt ### DNS brute-force: gobuster dns -d example.com -w wordlist.txt ## 🎯 Use Cases - Directory discovery - Hidden endpoints - Recon ## 🧠 Pro Tip Use SecLists wordlists for better results.

recon@x-gem

Amass

Amass is a reconnaissance tool used for in-depth subdomain enumeration. ## 🔧 Installation ### Linux: sudo apt install amass ## ▶️ Usage ### Passive scan: amass enum -passive -d example.com ### Active scan: amass enum -active -d example.com ### Save output: amass enum -d example.com -o output.txt ## 🎯 Use Cases - Subdomain discovery - Attack surface mapping - Recon phase ## 🧠 Pro Tip Combine Amass with other tools like Subfinder.

SQLMap

SQLMap is an automated SQL injection tool used to detect and exploit database vulnerabilities. ## 🔧 Installation git clone https://github.com/sqlmapproject/sqlmap.git cd sqlmap ## ▶️ Usage ### Basic scan: python sqlmap.py -u "http://site.com/page?id=1" ### Enumerate DBs: --dbs ### Dump database: --dump ## ⚡ Advanced - Use cookies: --cookie="PHPSESSID=xyz" - POST request: --data="id=1" ## 🎯 Use Cases - SQL Injection testing - Database extraction - Vulnerability assessment ## 🧠 Pro Tip Use --risk and --level flags for deeper testing.

Defensive@x-gem

KernelPatch

A lightweight bash utility and system configuration hardening script for Linux production servers that restricts access to sysctl parameters, kernel logs, and debug ports.

Reconnaissance@x-gem

ForgeScanner

A modular, high-speed parallel port scanner and service banner grabber with integrated vulnerability matching capabilities and custom protocol scripting.